MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 785e0ff473552935ca1c597ceabab86f74a07b7ca6bfc58531a7c2fe74539853. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 8

SHA256 hash: 785e0ff473552935ca1c597ceabab86f74a07b7ca6bfc58531a7c2fe74539853
SHA3-384 hash: 46f24aeb2e581ddeed92611770e5a75afaabb03f18c5d6a51d98c5243503660b635848b7c68663c11a02ccc5825ec3e8
SHA1 hash: 47930a4645eb72deafe5ec16e680af2c5b542252
MD5 hash: b81e7930d9ebccc08beb3b4d4bcbbeb4
humanhash: uniform-lactose-mike-fish
File name: STORGAARD.exe
Signature: GuLoader
File size: 135'888 bytes
First seen: 2022-02-10 06:09:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 56a78d55f3f7af51443e58e0ce2fb5f6 (728 x GuLoader, 452 x Formbook, 295 x Loki)
ssdeep: 3072:qbG7N2kDTHUpouKQE6YauN0iYDOFfiKi+CvS+3goePn0fjY:qbE/HUdEBa60LOFfr9/+3Cf0fjY
Threatray: 1'546 similar samples on MalwareBazaar
TLSH: T186D3E0117B60D422D992063124B8D73A4FF57DB652719F833BC07FAB7EB22428A1E754
dhash icon: 60f0e47c3894e039 (2 x GuLoader)
Reporter: abuse_ch
Tags:exe GuLoader signed
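The hash fields above are the entry's exact-match IOCs. The script below is an added example, not MalwareBazaar code: it computes the same four digests (MD5, SHA1, SHA256, SHA3-384) over a file in a single read pass and reports which rows of the entry it hits. The digest values are copied from the entry (the sample and the unpacked file listed further down); the row labels and the helper names (`digest_stream`, `digest_bytes`, `match_digests`, `scan_file`) are this example's own. imphash, ssdeep and TLSH are deliberately left out: they are similarity hashes that need third-party libraries and are not exact-match IOCs.

```python
"""Hash-IOC check against the MalwareBazaar entry above (added example).

Not MalwareBazaar code. Computes MD5, SHA1, SHA256 and SHA3-384 of a file
in one pass and reports which rows of the entry's hash table it matches.
Digest values are copied from the entry; labels and helper names are this
example's own.
"""
import hashlib
import io
from typing import BinaryIO, Dict, Mapping

# algorithm -> {hex digest: label}; digests copied from the entry.
ENTRY_IOCS: Dict[str, Dict[str, str]] = {
    "md5": {
        "b81e7930d9ebccc08beb3b4d4bcbbeb4": "STORGAARD.exe (GuLoader sample)",
        "cff85c549d536f651d4fb8387f1976f2": "unpacked file",
    },
    "sha1": {
        "47930a4645eb72deafe5ec16e680af2c5b542252": "STORGAARD.exe (GuLoader sample)",
        "d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e": "unpacked file",
    },
    "sha256": {
        "785e0ff473552935ca1c597ceabab86f74a07b7ca6bfc58531a7c2fe74539853": "STORGAARD.exe (GuLoader sample)",
        "8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8": "unpacked file",
    },
    "sha3_384": {
        "46f24aeb2e581ddeed92611770e5a75afaabb03f18c5d6a51d98c5243503660b635848b7c68663c11a02ccc5825ec3e8": "STORGAARD.exe (GuLoader sample)",
    },
}

# Expected hex length per algorithm, used to catch truncated or mistyped rows.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha3_384": 96}
HEX_CHARS = set("0123456789abcdef")


def validate_ioc_table(iocs: Mapping[str, Mapping[str, str]]) -> bool:
    """Fail loudly on malformed rows; a bad row otherwise just never matches."""
    for algo, rows in iocs.items():
        if algo not in HEX_LEN:
            raise ValueError(f"unsupported algorithm {algo!r}")
        for digest in rows:
            if len(digest) != HEX_LEN[algo] or not set(digest) <= HEX_CHARS:
                raise ValueError(f"malformed {algo} digest {digest!r}")
    return True


def digest_stream(fobj: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Single read pass feeding all four hashers, so large files are read once."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN}
    while True:
        buf = fobj.read(chunk_size)
        if not buf:
            break
        for h in hashers.values():
            h.update(buf)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (e.g. a carved payload)."""
    return digest_stream(io.BytesIO(data))


def match_digests(digests: Mapping[str, str], iocs=ENTRY_IOCS) -> Dict[str, str]:
    """Return {algorithm: label} for every computed digest found in the IOC table."""
    hits: Dict[str, str] = {}
    for algo, hexdigest in digests.items():
        label = iocs.get(algo, {}).get(hexdigest.lower())
        if label is not None:
            hits[algo] = label
    return hits


def scan_file(path: str, iocs=ENTRY_IOCS) -> Dict[str, str]:
    """Hash one file on disk and report IOC hits."""
    validate_ioc_table(iocs)
    with open(path, "rb") as f:
        return match_digests(digest_stream(f), iocs)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        hits = scan_file(path)
        print(path, "->", hits if hits else "no match")
```

Run it as `python ioc_check.py <file> [<file> ...]`; a hit on any algorithm identifies the file, but a SHA256 or SHA3-384 hit is the one to act on, since MD5 and SHA1 collisions are cheap to construct.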

Code Signing Certificate

Organisation: leucine
Issuer: leucine
Algorithm: sha256WithRSAEncryption
Valid from: 2022-02-10T04:17:53Z
Valid to: 2023-02-10T04:17:53Z
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist: This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm: SHA256
Thumbprint: d20579f37fa323a184a671134975a7ab07c3cb6436daa18ee2c4d4609c36c189
Source: This information was brought to you by the ReversingLabs A1000 Malware Analysis Platform

Note: Organisation and Issuer are identical and the serial number is 00, so this is a self-signed certificate that does not chain to any public CA; the "signed" tag above therefore does not indicate a trusted publisher. Its validity period begins about two hours before the sample was first seen, and the same certificate appears on 325 other samples in the database.
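Whether the "signed" tag is worth anything can be decided from the certificate fields above alone. The script below is an added example, not MalwareBazaar or Cert Graveyard code: it applies a handful of triage heuristics (subject equals issuer, zero serial, certificate minted shortly before the sample was first seen, reuse across many samples, thumbprint on a blocklist) to the metadata copied from this entry, and contrasts it with a constructed certificate that has none of those traits. The finding codes, the 48-hour and 10-sample thresholds, the one-entry blocklist built from the thumbprint above and the helper names (`parse_utc`, `triage_certificate`, `trust_verdict`) are this example's assumptions.

```python
"""Triage of the code-signing certificate metadata recorded above.

Added example, not MalwareBazaar or Cert Graveyard code. Field values are
copied from the entry; finding codes, thresholds, the blocklist and helper
names are this example's own assumptions.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# Values copied from the "Code Signing Certificate" block of the entry.
ENTRY_CERT: Dict[str, object] = {
    "organisation": "leucine",
    "issuer": "leucine",
    "algorithm": "sha256WithRSAEncryption",
    "valid_from": "2022-02-10T04:17:53Z",
    "valid_to": "2023-02-10T04:17:53Z",
    "serial_number": "00",
    "thumbprint_sha256": "d20579f37fa323a184a671134975a7ab07c3cb6436daa18ee2c4d4609c36c189",
    "signed_samples_on_bazaar": 325,
}
ENTRY_FIRST_SEEN = "2022-02-10 06:09:07 UTC"  # "First seen" field of the sample

# Constructed one-entry blocklist: the entry says this thumbprint is on Cert Graveyard.
BLOCKLIST: Set[str] = {str(ENTRY_CERT["thumbprint_sha256"])}

# Constructed contrast case with none of the red flags (not from the entry).
CONSTRUCTED_BENIGN_CERT: Dict[str, object] = dict(
    ENTRY_CERT,
    organisation="Example Software Ltd",
    issuer="Example Public CA",
    serial_number="0a1b2c3d4e5f",
    valid_from="2021-01-01T00:00:00Z",
    valid_to="2024-01-01T00:00:00Z",
    thumbprint_sha256="00" * 32,
    signed_samples_on_bazaar=0,
)

# Thresholds are assumptions for this example, not values from the entry.
MINTED_WINDOW = timedelta(hours=48)
MASS_REUSE_THRESHOLD = 10


def parse_utc(value: str) -> datetime:
    """Accept both timestamp layouts used on the entry page."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d %H:%M:%S UTC"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp {value!r}")


def seconds_between_issue_and_first_seen(cert: Dict[str, object], first_seen: str) -> int:
    """Positive when the certificate was issued before the sample was first seen."""
    delta = parse_utc(first_seen) - parse_utc(str(cert["valid_from"]))
    return int(delta.total_seconds())


def triage_certificate(cert: Dict[str, object], first_seen: str,
                       blocklist: Set[str] = BLOCKLIST,
                       now: Optional[datetime] = None) -> List[str]:
    """Return the list of heuristic findings that apply to this certificate."""
    findings: List[str] = []
    if cert["organisation"] == cert["issuer"]:
        findings.append("self_signed")  # cannot chain to any public root
    if int(str(cert["serial_number"]), 16) == 0:
        findings.append("serial_zero")  # RFC 5280 requires a positive serial
    gap = seconds_between_issue_and_first_seen(cert, first_seen)
    if 0 <= gap <= MINTED_WINDOW.total_seconds():
        findings.append("minted_just_before_first_seen")
    if int(str(cert.get("signed_samples_on_bazaar", 0))) >= MASS_REUSE_THRESHOLD:
        findings.append("mass_reuse")
    if str(cert["thumbprint_sha256"]).lower() in blocklist:
        findings.append("blocklisted")
    if now is not None and now > parse_utc(str(cert["valid_to"])):
        findings.append("expired")  # only checked when a reference time is given
    return findings


def trust_verdict(findings: List[str]) -> str:
    """Collapse findings into a coarse trust decision for a signature."""
    if "self_signed" in findings or "blocklisted" in findings:
        return "untrusted"
    return "suspicious" if findings else "no_findings"


if __name__ == "__main__":
    for name, cert in (("entry", ENTRY_CERT), ("constructed benign", CONSTRUCTED_BENIGN_CERT)):
        found = triage_certificate(cert, ENTRY_FIRST_SEEN, now=datetime.now(timezone.utc))
        print(f"{name}: {found} -> {trust_verdict(found)}")
```

The "expired" check only fires when a reference time is passed in, so the verdict for this entry is reproducible regardless of when the script is run; in a live pipeline you would pass the current time and treat a signature made after `valid_to` (without a trusted timestamp) as invalid on top of the other findings.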

Intelligence

File Origin
# of uploads: 1
# of downloads: 279
Origin country: n/a

Vendor Threat Intelligence

Result 1
Verdict: Clean
Maliciousness: (none reported)

Result 2
Behaviour:
  - Creating a window
  - Searching for the window
  - Creating a file in the %temp% directory
  - Creating a file
  - DNS request
  - Sending a custom TCP request
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe overlay packed shell32.dll

Result 3
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result 4
Threat name: GuLoader
Detection: malicious
Classification: troj.evad
Score: 64/100
Signature:
  - C2 URLs / IPs found in malware configuration
  - Found malware configuration
  - Tries to detect virtualization through RDTSC time measurements
  - Yara detected GuLoader

Result 5
Threat name: Win32.Downloader.GuLoader
Status: Malicious
First seen: 2022-02-10 06:10:11 UTC
File Type: PE (Exe)
Extracted files: 4
AV detection: 3 of 28 (10.71%)
Threat level: 3/5

Result 6
Malware family: guloader
Score: 10/10
Tags: family:guloader downloader
Behaviour:
  - Suspicious use of AdjustPrivilegeToken
  - Enumerates physical storage devices
  - Drops file in Windows directory
  - Loads dropped DLL
Family names: Guloader, Cloudeye (CloudEyE is another name for GuLoader)
Unpacked files:
  SHA256 hash: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
  MD5 hash: cff85c549d536f651d4fb8387f1976f2
  SHA1 hash: d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

  SHA256 hash: 785e0ff473552935ca1c597ceabab86f74a07b7ca6bfc58531a7c2fe74539853 (the sample itself)
  MD5 hash: b81e7930d9ebccc08beb3b4d4bcbbeb4
  SHA1 hash: 47930a4645eb72deafe5ec16e680af2c5b542252

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


This section lists additional information about the malware sample, such as delivery method and external references.

Comments